UAG array / RDS Session Host Farm / RDS Gateway Farm

  • Question

  • I was wondering if anyone could shed some light on pros, cons, caveats or anything else on whether it is possible to use a UAG array consisting of two devices to provide RDS gateway farm services for a published RDS session host farm utilizing a connection broker.

    Both the UAG array and RDS gateway farm require NLB and I was wondering if it's possible, or if there are any drawbacks, to using NLB with both the internal and external NICs? Is it supported? Would this provide the best possible highly available secure RDS publishing method using the UAG?

    I am running UAG w/ SP1

    Thanks.

    Chris

    Friday, February 4, 2011 5:00 PM

All replies

  • Hi Chris,

    The UAG array members actually host the RD gateway role, as opposed to needing a separate RD farm.

    Have a look at this: http://technet.microsoft.com/en-us/library/dd857385.aspx#BKMK_integration

    NLB is only supported on the external NIC unless you are using UAG DirectAccess. However, NLB on the external NIC is sufficient for RDS publishing with high availability.

    Cheers

    JJ 


    Jason Jones | Forefront MVP | Silversands Ltd | My Blogs: http://blog.msedge.org.uk and http://blog.msfirewall.org.uk
    Friday, February 4, 2011 5:31 PM
  • JJ, thank you. I am familiar with the fact that the UAG array members host the role. However, I am unclear on whether or not they will share session information if they are not in an RD Gateway farm. I guess I could simplify the question by asking if users will be able to sustain / autoreconnect their sessions should one of the array members go down?

    Thanks again.

    Chris

    Monday, February 7, 2011 3:20 PM
  • Good question, I am not actually sure...let me try and find out...
    Jason Jones | Forefront MVP | Silversands Ltd | My Blogs: http://blog.msedge.org.uk and http://blog.msfirewall.org.uk
    Monday, February 7, 2011 3:27 PM
  • Hi Chris,

    Right, I have had a dig around (thanks Ran) and it would appear that the RDG roles on UAG array members are not part of an RDG farm and do not share session information.

    In terms of sustaining/autoreconnecting sessions, this is a little more vague and probably needs some specific testing to provide a 100% valid answer. Be aware that NLB is not session aware (and does not provide session state failover); subsequently, when an array member goes down, the remaining array members will not have session info (at the IP level) for the existing connection. This will likely therefore require re-authentication to the new array member, but whether the RDG on that array member will be able to reconnect to the existing session on the session host is again not clear.

    You could also look at the cross-site SSO configuration discussed here: http://technet.microsoft.com/en-us/library/ee921441.aspx but not sure this is totally valid here and is more for cross-trunk SSO on a single UAG host. It may be worth trying during your testing though ;)

    Cheers

    JJ


    Jason Jones | Forefront MVP | Silversands Ltd | My Blogs: http://blog.msedge.org.uk and http://blog.msfirewall.org.uk
    • Marked as answer by chmeehan Tuesday, February 8, 2011 2:07 PM
    Tuesday, February 8, 2011 12:16 PM
  • Jason,

    Thanks for the assistance. The only thing I see holding me up at this point is the ability to join both array members to an "RD Gateway Farm" because of the limitation of NLB on the internal interface. I have NLB working for the array itself on the external side but I think the internal limitation might not allow for my desired results.

    Thanks again as always!

    Chris

    Tuesday, February 8, 2011 2:07 PM
  • I already noticed that the integrated RDG role on UAG is not part of a farm. As the link describes, I assume UAG/RDG uses the RD Connection Broker to inform where the current sessions are present and redirect you to the right RD Session Host (or farm). But there is one issue...

    I cannot get UAG/RDG to interact with the RD Connection Broker. Or I do not understand how it works. According to the Add RemoteApps wizard you only have to enter your RD Session Hosts and such. I don't see anything about an RD Connection Broker.

    When I publish RemoteApps through UAG and enter the RD Session Host Farm hostname and follow all remaining steps, everything seems to work fine. But I don't think UAG/RDG uses the RD Connection Broker, does it? If I change the RD Session Host(name) and try to connect I get an error message that the RemoteApp is not on the allowed list of programs.

    Can UAG point directly to the RD Connection Broker? If UAG does support this, then the question on this post is probably answered.


    Boudewijn Plomp, BPMi Infrastructure & Security
    Friday, March 25, 2011 11:47 AM
  • Hi Boudewijn,

    Found this text:

    "RemoteApp applications - you can publish single or multiple RemoteApps on a single RDS server, or multiple servers by using a Remote Desktop Connection Broker (RD Connection Broker)"

    Source: http://social.technet.microsoft.com/wiki/contents/articles/forefront-uag-about-publishing-remote-desktop-services-rds.aspx

    and this:

    "Remote users can access Remote Desktops and RemoteApp applications via a Forefront UAG portal using a single RDS server, or by using a Remote Desktop Connection Broker (RD Connection Broker)"

    Source: http://technet.microsoft.com/en-us/library/dd857385.aspx

    So, it appears to be supported...

    Cheers

    JJ


    Jason Jones | Forefront MVP | Silversands Ltd | My Blogs: http://blog.msedge.org.uk and http://blog.msfirewall.org.uk
    Friday, March 25, 2011 12:21 PM